PatchSiren cyber security CVE debrief
CVE-2023-52805 Siemens CVE debrief
CVE-2023-52805 is a vulnerability in the Linux kernel's JFS (Journaled File System) that was resolved by a fix for an array-index-out-of-bounds condition in the diAlloc function (fs/jfs/jfs_imap.c). The source corpus records the CVE as published 2025-08-12 and last modified 2026-02-25; those dates come from the CSAF source item, and the CVE.org record linked below should be consulted for the original publication date. Siemens has identified this CVE as affecting its RUGGEDCOM RST2428P (6GK6242-6PA00) product, as documented in CISA advisory ICSA-25-226-15. The source advisory's impact entry for this CVE carries the literal text 'Misinformed' for the affected product IDs; the corpus does not explain that term, so the vendor's actual impact statement must be taken from Siemens ProductCERT advisory SSA-613116. No CVSS score or severity rating is available in the source corpus. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog in the stored evidence.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P (6GK6242-6PA00) industrial Ethernet switches, particularly in critical infrastructure environments. Security teams responsible for OT/ICS asset inventory and patch management programs. Network administrators managing industrial control system networks that include the affected RUGGEDCOM product; no other Siemens product family is named in the source corpus for this CVE.
Technical summary
CVE-2023-52805 addresses an array-index-out-of-bounds vulnerability in the diAlloc function of the Journaled File System (JFS) in the Linux kernel. diAlloc allocates a new inode from the inode allocation map: it derives an allocation-group number (agno) from the parent inode's on-disk agstart value and uses that number as an index into per-allocation-group state. Before the fix, agno was not range-checked, so a crafted or corrupted JFS image could drive the index outside the MAXAG-sized arrays; the upstream fix rejects out-of-range agno values with -EIO before they are used. Reaching the bug requires the kernel to mount such a filesystem and allocate inodes on it, so practical exposure on an embedded device depends on whether it mounts JFS volumes at all and whether an attacker can influence their contents; the source corpus does not say how the RUGGEDCOM RST2428P uses JFS. Siemens has assessed this CVE as applicable to its RUGGEDCOM RST2428P (6GK6242-6PA00) product, with the impact detail recorded as 'Misinformed' in the source advisory. The exact CVSS score and severity are not provided in the available source corpus. Organizations running affected Siemens industrial networking equipment should consult the vendor's ProductCERT advisory for specific remediation guidance.
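To make the bug class concrete, here is an added illustration written for this debrief; it is not the kernel's code and not Siemens' code. It models how diAlloc derives an allocation-group number from an on-disk value and indexes per-AG state with it, beside the range check that the upstream fix introduces. The names MAXAG, agstart, l2agsize and BLKTOAG follow the JFS sources; the struct layouts, the two lookup functions and the sample values are simplifications assumed for the example.

```c
/* Added illustration of the bug class behind CVE-2023-52805 (jfs diAlloc).
 * This is NOT the kernel's code: it is a constructed model of how an
 * untrusted on-disk value becomes an array index, and of the bounds check
 * the upstream fix adds before indexing. MAXAG, agstart, l2agsize and
 * BLKTOAG follow the JFS sources; the struct layouts and lookup functions
 * are simplified assumptions for this example.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAXAG 128          /* JFS maximum number of allocation groups */
#ifndef EIO
#define EIO 5              /* errno value the kernel fix returns */
#endif

/* Per-allocation-group control data kept in the in-memory inode map (assumed shape). */
struct agctl {
    int inofree;           /* number of free inodes in this AG */
};

/* Minimal stand-in for the superblock info the index derives from. */
struct sbinfo {
    int l2agsize;          /* log2 of the allocation-group size in blocks */
};

/* In-memory inode map: one control entry per allocation group. */
struct inomap {
    struct agctl agctl[MAXAG];
};

/* JFS macro: block number -> allocation group number. */
#define BLKTOAG(b, sbi) ((int)((b) >> (sbi)->l2agsize))

/*
 * Vulnerable pattern: agstart comes from the on-disk inode (untrusted on a
 * crafted or corrupted image); agno is used as an index with no range check.
 * Returns the free-inode count of the selected AG.
 */
int ag_free_unchecked(const struct inomap *imap, const struct sbinfo *sbi,
                      int64_t agstart)
{
    int agno = BLKTOAG(agstart, sbi);
    return imap->agctl[agno].inofree;   /* OOB read when agno >= MAXAG or agno < 0 */
}

/*
 * Hardened pattern: validate agno against the array bound first and fail
 * with -EIO, as the upstream diAlloc fix does. Writes the free count to *out.
 */
int ag_free_checked(const struct inomap *imap, const struct sbinfo *sbi,
                    int64_t agstart, int *out)
{
    int agno = BLKTOAG(agstart, sbi);
    if (agno >= MAXAG || agno < 0)
        return -EIO;                     /* refuse the corrupt AG number */
    *out = imap->agctl[agno].inofree;
    return 0;
}

/* Build a constructed inode map where AG n holds n+1 free inodes. */
void init_map(struct inomap *imap)
{
    for (int i = 0; i < MAXAG; i++)
        imap->agctl[i].inofree = i + 1;
}

int main(void)
{
    struct inomap imap;
    struct sbinfo sbi = { .l2agsize = 10 };   /* 1024-block AGs (assumed) */
    int n;

    init_map(&imap);

    /* Well-formed image: agstart 2048 -> agno 2 -> 3 free inodes. */
    if (ag_free_checked(&imap, &sbi, 2048, &n) == 0)
        printf("agno 2: %d free inodes\n", n);

    /* Crafted image: agstart far beyond any real AG -> agno 4096 >= MAXAG. */
    if (ag_free_checked(&imap, &sbi, (int64_t)4096 << 10, &n) == -EIO)
        printf("corrupt agstart rejected with -EIO\n");

    /* Negative agstart -> negative agno, also rejected. */
    if (ag_free_checked(&imap, &sbi, -1, &n) == -EIO)
        printf("negative agstart rejected with -EIO\n");

    return 0;
}
```

The unchecked variant is the path a corrupted or crafted image reaches before the fix; the checked variant fails closed with -EIO instead of indexing past the array. For triage on a device such as the RST2428P the operative question is therefore whether JFS volumes are mounted at all and whether their contents can be influenced by an attacker, which this debrief's corpus does not answer.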
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific guidance and patch availability
- Verify whether RUGGEDCOM RST2428P (6GK6242-6PA00) deployments in your environment are running affected firmware versions; the affected version ranges are not in this debrief and must be taken from SSA-613116
- Apply vendor-provided security updates when available, prioritizing systems with external network exposure
- Monitor CISA ICS advisories for updates to ICSA-25-226-15
- Implement network segmentation for industrial control systems per CISA recommended practices
- Follow defense-in-depth strategies for industrial control systems as outlined in CISA guidance
Evidence notes
The vulnerability description indicates a resolved array-index-out-of-bounds issue in the Linux kernel JFS diAlloc function. Siemens ProductCERT SSA-613116 is the primary source for product-specific impact information. CISA advisory ICSA-25-226-15 was republished on 2026-02-25 based on updates to the Siemens advisory. The threat category in the source is marked 'impact' with details 'Misinformed' for product IDs CSAFPID-0001, CSAFPID-0004, and CSAFPID-0003.
Official resources
- CVE-2023-52805 CVE record (CVE.org)
- CVE-2023-52805 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12